Archive for the ‘computers and software’ Category

Last week Anonymous released a press release stating they would be revealing the identities of 1,000 Ku Klux Klan/KKK members, and the news lit up social media within minutes. The Daily Kos article which has also appeared on Anonymous Twitter pages reached over a million people and garnered over 80,000 Facebook likes/shares in a matter of days. Dislodging and unraveling the KKK is something the public has been craving for decades.

I don’t know how they’re going to pick those names or where they got them from, but to the extent that they include members of the military, of police forces, of the Legislature, or of the Judiciary–or anyone who holds a position of public trust–the release of names of extremists is reasonable. We don’t want a left-wing version of McCarthyism, but neither do we want people who have falsely sworn an oath of allegiance to the United States serving in positions of trust.

Like this:

One section of the Web forum is dedicated to watching black men die, while another is called “CoonTown” and features users wondering if there are any states left that are “nigger free.” One conversation focuses on the state of being “Negro Free,” while another is about how best to bring attention to the assertion that black people are more prone to commit sexual assaults than whites.

But these discussions aren’t happening on Stormfront, which since its founding in 1995 by a former Alabama Klan leader has been the largest hate forum on the Web. They’re taking place on Reddit…

Along with countless others with entirely different interests, Reddit increasingly is providing a home for anti-black racists — and some of the most virulent and violent propaganda around. In November 2013, a hyper-racist subreddit called “GreatApes” was formed. Users posted epithet-strewn links to “news” stories of dubious origin that riffed on long established stereotypes about the black community. GreatApes was wildly popular and grew quickly, expanding into a much larger Reddit network called “the Chimpire,” which was organized by a user known only by his or her posting name of “Jewish_NeoCon2.”
…
These gruesome videos show black men being hit in the head repeatedly with a hammer, burned alive, and killed in a variety of other ways. The subreddit’s banner features a cartoon of a black man hanging, complete with a Klansman in the background. One fairly typical user, “Bustatruggalo” applauded the graphic violence as “[v]ery educational and entertaining.” He or she continued on a separate thread: “I almost feel bad for letting an image like this fill me with an overwhelming amount of joy. Almost….”

Others, like user “natchil,” were looking for still more. “Where is watchjewsdie?” this user wondered.
…
Condé Nast, one of the largest mass media companies in the United States, acquired Reddit in 2006, although the Internet company still operates independently.

RUSSIA and China have cracked the top-secret cache of files stolen by the fugitive US whistleblower Edward Snowden, forcing MI6 to pull agents out of live operations in hostile countries, according to senior officials in Downing Street, the Home Office and the security services.

Western intelligence agencies say they have been forced into the rescue operations after Moscow gained access to more than 1m classified files held by the former American security contractor, who fled to seek protection from Vladimir Putin, the Russian president, after mounting one of the largest leaks in US history.

Senior government sources confirmed that China had also cracked the encrypted documents, which contain details of secret intelligence techniques and information that could allow British and American spies to be identified.

This is self-evidently nonsense because, as Ewen MacAskill of the Guardian notes,

Snowden said he handed over tens of thousands of leaked documents to journalists he met in Hong Kong and has not had them in his possession since. So what cache is the government talking about?
…
If the UK had evidence that Russia and China managed to penetrate his document cache or of agents being forced to move, the UK would have shared this with Washington. The White House would have happily briefed this openly…
…
[It helps deflect attention from the recent QC {Queen’s Counsel, I think}report, which calls the legal framework for surveillance] intolerable and undemocratic…
…
it is the Home Office rather than the Foreign Office that is quoted in the story [which is very peculiar considering that this is really a matter of agents abroad]
…
[The Times article is riddled with inaccuracies such as statements that] Snowden “fled to seek protection from Vladimir Putin…[actually, he was forced to seek asylum because the U.S. denied him transit to Latin America] ” whether Russia and China stole Snowden’s data or “whether he voluntarily handed over his secret documents in order to remain at liberty in Hong Kong and Moscow” [actually, he gave them to journalists]. … “David Miranda, the boyfriend of Guardian journalist Glenn Greenwald, was seized at Heathrow in 2013 in possession of 58,000 ‘highly-classified’ intelligence documents after visiting Snowden in Moscow.[actually, Miranda was stopped after visiting Laura Poitras in Berlin; the Guardian didn’t notice, but he wasn’t carrying any documentsAccording to the Guardian, I’m wrong on this point]”

I think there’s a much more obvious explanation for the appearance of the article in The Times. The U.S. was just hacked, exposing the names of millions of its employees. While covert employees presumably have covers, it wouldn’t take all that much effort for a foreign state to figure out which ones have traveled. So, the U.S. government has to come up with a scapegoat for its failure to protect data… a matter for which our government is significantly responsible, since it has made computers so amenable to hacking. All the Chinese have to do is find out what defects have been built into commercial software by the NSA and engineer an entry through the same hole.

Until we get better governments, could we at least have better liars? The UK/US governments and the Sunday/NY Times are just awful at it.
____

George Howell: How do senior officials at No. 10 Downing Street know these files were breached?

Tom Harper: Well, uh, I don’t know, to be honest with you, George. All we know is that this is effectively the official position of the British government…

Howell: How do they know what was in them if they were encrypted? Has the British government also gotten into these files?

Harper: Well. Um, I mean, the files came from America and the UK. So, uh, they may already have known for sometime what Snowden took. Again, that’s not something that we’re clear on, so we don’t go into that level of detail in the story. We just publish what we believe to be the position of the British government at the moment.

Howell: Your article asserts that it is not clear if the files were hacked or if Snowden gave these files over when he was in Hong Kong and Russia. So which is it?

Harper: Well, again, sorry to just repeat myself, George, but we don’t know so we haven’t written that in the paper. Um, you know, it could be, it could be another scenario. When you’re dealing with the world of intelligence there are so many unknowns and so many possibilities, it’s difficult to state anything with certainty…

Howell: So we’re just really hearing, you know, what the British government is saying at this point. The article mentions these MI6 agents. Were they directly under threat as a result of the information leaked, or was it just a precautionary measure?

Harper: Again, I’m afraid to disappoint you, we just don’t know…

Howell: So essentially you’re reporting what the government is saying, but as far as the evidence to substantiate it, you’re not really able to comment or to explain that at this point. Right?

Harper: No… obviously when you’re dealing with intelligence, you know, it’s the toughest nut to crack. And, um, unless you actually have leaked intelligence documents, like Snowden had, it’s very difficult to say anything with certainty.

Like this:

They probably didn’t do the Sony hack. Also, the hackers who brought N. Korea down were probably black hats not affiliated with the U.S. government. See my post on Daily Kos.

I know, I know. This isn’t news. Internet sites like Wired and Ars Technica have been skeptical all along. So have I, but the absence of evidence at this point is really starting to look like evidence of absence of any sense at all in the US government.

Share this:

Like this:

As you may know, a very basic vulnerability in the Internet has been discovered, one that may have permitted passwords to be stolen for up to two years. Kaspersky has recommended a test for servers here. The default is for Internet Exploder, but there is also a variant for Firefox and Chrome:

Luckily, there is a long list of popular websites that were checked against the vulnerability. Good news: PayPal and Google are unaffected. Bad news: Yahoo, Facebook, Flickr, Duckduckgo, LastPass, Redtube, OkCupid, 500px and many others was vulnerable. Get ready to act if you have an account on those vulnerable sites

Dr Seggelmann, of Münster in Germany, said the bug which introduced the flaw was “unfortunately” missed by him and a reviewer when it was introduced into the open source OpenSSL encryption protocol over two years ago.

“I was working on improving OpenSSL and submitted numerous bug fixes and added new features,” he said.

“In one of the new features, unfortunately, I missed validating a variable containing a length.”

After he submitted the code, a reviewer “apparently also didn’t notice the missing validation”, Dr Seggelmann said, “so the error made its way from the development branch into the released version.” Logs show that reviewer was Dr Stephen Henson.

Dr Seggelmann said the error he introduced was “quite trivial”, but acknowledged that its impact was “severe”.

Share this:

Like this:

We previously covered the tragic story of Aaron Swartz, who was hounded to his death by a prosecution that seemed malicious and disproportionate, charging him with 13 felonies for downloading publicly-accessible files from MIT’s JSTOR account–even though JSTOR refused to say Swartz had stolen data. It is increasingly evident that the prosecution was completely wrong-headed. Scott Horton:

The flaw in Ortiz’s posture has been laid bare by Chief Judge Alex Kozinski of the Ninth Circuit Court of Appeals. In United States v. Nosal, he dismissed the theory Ortiz used to go after Swartz, saying it would potentially criminalize “everyone who uses a computer in violation of computer use restrictions — which may well include everyone who uses a computer.” Kozinski was born and raised in Communist Romania, and knows a thing or two about totalitarian states — and he knows that prosecutorial overbreadth is their leitmotif. If conduct can be charged so broadly as to cover virtually everyone, then prosecutorial discretion effectively becomes a license to persecute anyone who stands in the state’s way. Radley Balko and Clive Crook have each focused on this concern about the Swartz case. I share the essence of their analyses.

The Ninth Circuit is California, whereas Boston is First Circuit. So an opinion by Kozinski isn’t binding on whoever would have tried the case in Massachusetts District Court. But Ortiz would have done well to consider what he said, which is (in my layman’s interpretation) computers aren’t somehow special. Just because you do something using a computer does not automatically convert what would otherwise be a civil wrong (tort) or infraction of institutional rules into espionage, treason, or some other arcane crime. If you take confidential information from your employer, it shouldn’t matter whether it was in a filing cabinet or on a computer. It’s wrong, but probably not a felony.

Maybe someday enough prosecutors and judges will understand computers to get this simple idea: there’s nothing special about them.

The accomplished [Aaron] Swartz co-authored the now widely-used RSS 1.0 specification at age 14, founded Infogami which later merged with the popular social news site reddit, and completed a fellowship at Harvard’s Ethics Center Lab on Institutional Corruption. In 2010, he founded DemandProgress.org, a “campaign against the Internet censorship bills SOPA/PIPA.”

I remember a creature who seemed at first almost to be made up of pure data, disembodied—a millionaire, I had to have guessed, given his early success building a company sold to Condé Nast, but one who seemed to live on other people’s couches. (Am I misremembering that someone told me he crashed in his apartment for a while, curling up to sleep under a sink?)

Only slowly, it seems, did he come to learn that he possessed a body. This is my favorite thing he wrote: about the day “I looked up and realized I couldn’t read the street sign. I definitely used to be able to read that sign, but there it was, big and bright and green along the highway, and all I could make out was a blur. I had gone blind.” Legally blind, it turned out; and then when he got contact lenses, he gave us an account of what it felt like to leave Plato’s cave: “I had no idea the world really looked like this, with such infinite clarity. It looks like a modernist photo or a hyperreal film, everything in focus everywhere. Everyone kept saying ‘oh, do you see the leaves now?’ but the first thing I saw was not the leaves but the people. People, individuated, each with brilliant faces and expressions at gaits, the sun streaming down upon them. I couldn’t help but smile. It’s much harder being a misanthrope when you can see people’s faces.”

This kind man dedicated his life to making information accessible, not for his own profit, but for the good of us all. He was a leader in Stop SOPA, for exaqmple, which this blog supported.

But in making information accessible, he ran afoul of the commercial world. Offended that court documents compiled at public expense were sold back to the public by Pacer, Swartz downloaded a lot of it at his own expense, and made it available for free. Although this was legal, he had to face questioning by the FBI. What got him into trouble was that he downloaded scholarly papers from JSTOR to do the same thing. Although these articles are also produced at public expense, publishers collect enormous fees, often a dollar or more per page, to those who need to access them. With more and more journals fully electronic, this creates a dangerous chokepoint on technical knowledge that threatens small, entrepreneurial businesses.

When confronted, Swartz offered to return all copies, JSTOR did not see any reason to prosecute. MIT was less clear. But the prosecutor, Carmen Ortiz, decided to throw the book at him. Glenn Greenwald:

He adamantly refused to plead guilty to a felony because he did not want to spend the rest of his life as a convicted felon with all the stigma and rights-denials that entails. The criminal proceedings, as Lessig put it, already put him in a predicament where “his wealth [was] bled dry, yet unable to appeal openly to us for the financial help he needed to fund his defense, at least without risking the ire of a district court judge.”

According to Greenwald, if all the allegations by the Feds were correct, Swartz should have been prosecuted for simple trespass. He cites Timothy B. Lee:

Assuming the facts in the indictment are true, Swartz is something like a digital trespasser. Under Massachusetts law, such trespassing is punishable by a $100 fine and up to 30 days in prison. That seems about right: if he’s going to serve prison time, it should be measured in days rather than years.

At the bottom of this is the tension between art and commerce. Science, literature, and all creative endeavors are generated by an irrepressible impulse to add to the world. Their creators want to be rewarded by a livelihood, of course, but few obtain much of one. Instead, commerce takes the overwhelming portion of the rents of their work, whether it be the profits of publishers or of pharmaceutical companies. The public is told that laws preventing unauthorized reproduction are for the protection of the creator, but this is mostly false. If the primary beneficiary were the producer, then producers would be wealthy. Instead, the creative side of human life is being driven out of existence.

Nowhere is this more true than in scientific work, where access to the literature is the sine qua non of creativity. If small companies followed the laws and regulations to the letter, few would exist. In various ways, they circumvent them. Large companies do, too, though they pay for more of their literature. The people who Swartz would have benefited would have been small entrepreneurs, recent graduates with a dream, cranky old inventors, and all the other creative people who are what made America so technologically dynamic.

One more beautiful human life has been sacrificed to Pluto, god of Money. There are no words.
____________
Added: Expert witness Alex Stamos, who had planned to testify for Swartz, says that:

If I had taken the stand as planned and had been asked by the prosecutor whether Aaron’s actions were “wrong”, I would probably have replied that what Aaron did would better be described as “inconsiderate”. In the same way it is inconsiderate to write a check at the supermarket while a dozen people queue up behind you…

______________
Update: Tom Levinson at Balloon Juice believes that MIT, thanks to its new president Rafael Reif, has begun a serious self-examination of their role in Aaron Swartz’s death. I have my own view of MIT (see, for example this post). It is a school in some ways run by and for corporations: lots of fun if you are a player, but the system is easily corrupted. MIT could be/become a leader in championing open information, which would only be fair considering how much their entrepreneurial culture depends on what scientific publishers would call “theft of intellectual property.” Let’s hope so.

And emptywheel wants to know whether MIT brought in the Secret Service (my guess is not).

Apple makes many great products. But there’s a dark side. It can only say it’s a green company because it outsources its pollution. Jonathan Watts, The Guardian:

Apple is more secretive over its supply chain than nearly all of its rivals, says a report from leading Chinese environment groups.

Apple is more secretive about its supply chain in China than almost all of its rivals, according to a new report by anti-pollution activists who accuse the company’s products of degrading the environment and poisoning workers.

Despite its claim to be a leading promoter of corporate ethics worldwide, the maker of iPads and iPhones came joint bottom among 29 major IT firms in a transparency study drawn up by a coalition of China’s leading environmental groups.

“Behind their stylish image, Apple products have a side many do not know about – pollution and poison. This side is hidden deep within the company’s secretive supply chain,” claims a statement by the 36 groups involved in the Green Choice Initiative.

Their report – the fourth to look at the impact of global brands on China’s environment – considers the openness of IT firms and their responsiveness to reports of environmental violations at suppliers.

It follows a series of workplace poisonings, heavy metal contamination incidents and suicides at Chinese factories that supply materials and components for mobile phones and computers….

Hewlett Packard, British Telecom, Samsung, Sony, Siemens and Alcatel were credited as being the most responsive to third-party inquiries about alleged environmental violations.

Computers in general are a dirty industry. Heavy metals. Gold. Nasty acids. Petroleum-based plastics. And they are huge hogs of electrical power. It’s a shame Apple isn’t using some of its new wealth to lay up some treasure in heaven.

The Institute of Public & Environmental Affairs asks that you write to Apple at supplierresponsibility@apple.com.

[Added: Though if n-hexane is the culprit in some of these cases of illness, I’d worry more about a fire than anything else. The stuff is a light fraction of gasoline. You’d have to have a very heavy exposure to cause nerve damage].

Share this:

Like this:

Hackers are increasingly hitting the Web sites of human rights and independent media groups in an attempt to silence them, says a new study released this week by Harvard University’s Berkman Center for Internet & Society.

Based on a survey of 45 groups, the report “Distributed Denial of Service Attacks Against Independent Media and Human Rights Sites” found that a large percentage said they’ve been targeted by distributed denial-of-service (DDoS) attacks from those who disagree with their viewpoints. The Web sites typically have been knocked offline for short periods of time but in some cases have been down for days….

One example cited in the Berkman Center’s study was that of Russian independent newspaper Novaya Gazeta. …Though Sokolov can’t be sure who’s behind the attacks, he believes the culprits are government-sponsored “Kremlin Youth” organizations.

And that’s presumably who was hitting Wikileaks. The American chapter of Kremlin Youth, otherwise known as Republicans.